Enviar pesquisa
Carregar
Module (10) NAT for IPV4.pptx
•
Transferir como PPTX, PDF
•
0 gostou
•
85 visualizações
G
GeorgeThoreJr
Seguir
NAT
Leia menos
Leia mais
Tecnologia
Vista de apresentação de diapositivos
Denunciar
Compartilhar
Vista de apresentação de diapositivos
Denunciar
Compartilhar
1 de 54
Baixar agora
Recomendados
Network Topology and its types
Network Topology and its types
Madhuri Badgujar
Network security - Basic concepts
Network security - Basic concepts
Khoa Nguyen
ccna networking ppt
ccna networking ppt
Er. Anmol Bhagat
Ccna notes
Ccna notes
Ramesh Kumar
CCNA
CCNA
Abhishek Parihari
Mitigating Layer2 Attacks
Mitigating Layer2 Attacks
dkaya
Network Layer
Network Layer
Kamal Acharya
Basics to Configure NW Device
Basics to Configure NW Device
Haitham El-Ghareeb
Recomendados
Network Topology and its types
Network Topology and its types
Madhuri Badgujar
Network security - Basic concepts
Network security - Basic concepts
Khoa Nguyen
ccna networking ppt
ccna networking ppt
Er. Anmol Bhagat
Ccna notes
Ccna notes
Ramesh Kumar
CCNA
CCNA
Abhishek Parihari
Mitigating Layer2 Attacks
Mitigating Layer2 Attacks
dkaya
Network Layer
Network Layer
Kamal Acharya
Basics to Configure NW Device
Basics to Configure NW Device
Haitham El-Ghareeb
MPLS Presentation
MPLS Presentation
Unni Kannan VijayaKumar
Basic networking 07-2012
Basic networking 07-2012
Samuel Dratwa
Networking Basics
Networking Basics
Mohd. ShahNawab
Networking Fundamentals
Networking Fundamentals
UMA MAHESWARI
basic networking
basic networking
Anmol Bagga
3GPP IMS
3GPP IMS
Chris Venteicher
Firewall
Firewall
Saurabh Chauhan
Basic Concepts in Wireless LAN
Basic Concepts in Wireless LAN
Dr Shashikant Athawale
Computer Network Topologies (with animations)
Computer Network Topologies (with animations)
Damian T. Gordon
ARP
ARP
selvakumar_b1985
Bluetooth
Bluetooth
Sarah Saqib
The Osi Model
The Osi Model
Amit Pandey
CCNA Report
CCNA Report
Abhishek Parihari
COMPUTER NETWORKING
COMPUTER NETWORKING
Kiran Buriro
Mobile ipv6
Mobile ipv6
Paras Jha
Networking devices
Networking devices
NetProtocol Xpert
Networkingconcepts
Networkingconcepts
vasanthimuniasamy
CCNA Product Overview.pptx
CCNA Product Overview.pptx
KISHOYIANKISH
Nb iot (naik hetvi)
Nb iot (naik hetvi)
hetvi naik
Internet Protocol Detail Record
Internet Protocol Detail Record
devalnaik
Ccna rse chp9 nat fo i_pv4
Ccna rse chp9 nat fo i_pv4
newbie2019
CCNA (R & S) Module 03 - Routing & Switching Essentials - Chapter 9
CCNA (R & S) Module 03 - Routing & Switching Essentials - Chapter 9
Waqas Ahmed Nawaz
Mais conteúdo relacionado
Mais procurados
MPLS Presentation
MPLS Presentation
Unni Kannan VijayaKumar
Basic networking 07-2012
Basic networking 07-2012
Samuel Dratwa
Networking Basics
Networking Basics
Mohd. ShahNawab
Networking Fundamentals
Networking Fundamentals
UMA MAHESWARI
basic networking
basic networking
Anmol Bagga
3GPP IMS
3GPP IMS
Chris Venteicher
Firewall
Firewall
Saurabh Chauhan
Basic Concepts in Wireless LAN
Basic Concepts in Wireless LAN
Dr Shashikant Athawale
Computer Network Topologies (with animations)
Computer Network Topologies (with animations)
Damian T. Gordon
ARP
ARP
selvakumar_b1985
Bluetooth
Bluetooth
Sarah Saqib
The Osi Model
The Osi Model
Amit Pandey
CCNA Report
CCNA Report
Abhishek Parihari
COMPUTER NETWORKING
COMPUTER NETWORKING
Kiran Buriro
Mobile ipv6
Mobile ipv6
Paras Jha
Networking devices
Networking devices
NetProtocol Xpert
Networkingconcepts
Networkingconcepts
vasanthimuniasamy
CCNA Product Overview.pptx
CCNA Product Overview.pptx
KISHOYIANKISH
Nb iot (naik hetvi)
Nb iot (naik hetvi)
hetvi naik
Internet Protocol Detail Record
Internet Protocol Detail Record
devalnaik
Mais procurados
(20)
MPLS Presentation
MPLS Presentation
Basic networking 07-2012
Basic networking 07-2012
Networking Basics
Networking Basics
Networking Fundamentals
Networking Fundamentals
basic networking
basic networking
3GPP IMS
3GPP IMS
Firewall
Firewall
Basic Concepts in Wireless LAN
Basic Concepts in Wireless LAN
Computer Network Topologies (with animations)
Computer Network Topologies (with animations)
ARP
ARP
Bluetooth
Bluetooth
The Osi Model
The Osi Model
CCNA Report
CCNA Report
COMPUTER NETWORKING
COMPUTER NETWORKING
Mobile ipv6
Mobile ipv6
Networking devices
Networking devices
Networkingconcepts
Networkingconcepts
CCNA Product Overview.pptx
CCNA Product Overview.pptx
Nb iot (naik hetvi)
Nb iot (naik hetvi)
Internet Protocol Detail Record
Internet Protocol Detail Record
Semelhante a Module (10) NAT for IPV4.pptx
Ccna rse chp9 nat fo i_pv4
Ccna rse chp9 nat fo i_pv4
newbie2019
CCNA (R & S) Module 03 - Routing & Switching Essentials - Chapter 9
CCNA (R & S) Module 03 - Routing & Switching Essentials - Chapter 9
Waqas Ahmed Nawaz
IPv4 adressing
IPv4 adressing
AssemNazirova2
Nat 03
Nat 03
Davinder Chauhan
Nat cisco
Nat cisco
moonmanik
CCNA 2 Routing and Switching v5.0 Chapter 11
CCNA 2 Routing and Switching v5.0 Chapter 11
Nil Menon
07_IP_Addressing ayudaok.pdf
07_IP_Addressing ayudaok.pdf
Josue138778
07_IP_Addressing.pdf
07_IP_Addressing.pdf
AdelfaJoycePagobo
IPv6 theoryfinalx
IPv6 theoryfinalx
Pawan Sharma
Rs instructor ppt_chapter11_final
Rs instructor ppt_chapter11_final
let's go to study
CCNAv5 - S2: Chapter11 Network Address Translation for ipv4
CCNAv5 - S2: Chapter11 Network Address Translation for ipv4
Vuz Dở Hơi
Chapter 11 - Network Address Translation for IPv4
Chapter 11 - Network Address Translation for IPv4
Yaser Rahmati
Chapter 22 : network address translation for IPv4
Chapter 22 : network address translation for IPv4
teknetir
Ccna1v3 mod09
Ccna1v3 mod09
igede tirtanata
Tcp ip protocol
Tcp ip protocol
saurav-IT
CCNAv5 - S4: Chapter 5: Network Address Translation for ipv4
CCNAv5 - S4: Chapter 5: Network Address Translation for ipv4
Vuz Dở Hơi
IP Routing on z/OS
IP Routing on z/OS
zOSCommserver
Www ccnav5 net_ccna_1_chapter_8_v5_0_exam_answers_2014
Www ccnav5 net_ccna_1_chapter_8_v5_0_exam_answers_2014
Đồng Quốc Vương
Day 17.1 nat pat
Day 17.1 nat pat
CYBERINTELLIGENTS
Nat
Nat
lyndyv
Semelhante a Module (10) NAT for IPV4.pptx
(20)
Ccna rse chp9 nat fo i_pv4
Ccna rse chp9 nat fo i_pv4
CCNA (R & S) Module 03 - Routing & Switching Essentials - Chapter 9
CCNA (R & S) Module 03 - Routing & Switching Essentials - Chapter 9
IPv4 adressing
IPv4 adressing
Nat 03
Nat 03
Nat cisco
Nat cisco
CCNA 2 Routing and Switching v5.0 Chapter 11
CCNA 2 Routing and Switching v5.0 Chapter 11
07_IP_Addressing ayudaok.pdf
07_IP_Addressing ayudaok.pdf
07_IP_Addressing.pdf
07_IP_Addressing.pdf
IPv6 theoryfinalx
IPv6 theoryfinalx
Rs instructor ppt_chapter11_final
Rs instructor ppt_chapter11_final
CCNAv5 - S2: Chapter11 Network Address Translation for ipv4
CCNAv5 - S2: Chapter11 Network Address Translation for ipv4
Chapter 11 - Network Address Translation for IPv4
Chapter 11 - Network Address Translation for IPv4
Chapter 22 : network address translation for IPv4
Chapter 22 : network address translation for IPv4
Ccna1v3 mod09
Ccna1v3 mod09
Tcp ip protocol
Tcp ip protocol
CCNAv5 - S4: Chapter 5: Network Address Translation for ipv4
CCNAv5 - S4: Chapter 5: Network Address Translation for ipv4
IP Routing on z/OS
IP Routing on z/OS
Www ccnav5 net_ccna_1_chapter_8_v5_0_exam_answers_2014
Www ccnav5 net_ccna_1_chapter_8_v5_0_exam_answers_2014
Day 17.1 nat pat
Day 17.1 nat pat
Nat
Nat
Último
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
Khushali Kathiriya
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
wesley chun
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
The Digital Insurer
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
sudhanshuwaghmare1
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
Remote DBA Services
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
apidays
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
Boston Institute of Analytics
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
DianaGray10
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
Andrey Devyatkin
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
Product Anonymous
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
The Digital Insurer
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024
SynarionITSolutions
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
apidays
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
Rafal Los
Último
(20)
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
Module (10) NAT for IPV4.pptx
1.
Module 10: NAT
for IPv4
2.
2 © 2016 Cisco
and/or its affiliates. All rights reserved. Cisco Confidential Module Objectives Module Title: NAT for IPv4 Module Objective: Configure NAT services on the edge router to provide IPv4 address scalability. Topic Title Topic Objective NAT Characteristics Explain the purpose and function of NAT. Types of NAT Explain the operation of different types of NAT. NAT Advantages and Disadvantages Describe the advantages and disadvantages of NAT. Static NAT Configure static NAT using the CLI. Dynamic NAT Configure dynamic NAT using the CLI. PAT Configure PAT using the CLI. NAT64 Describe NAT for IPv6.
3.
3 © 2016 Cisco
and/or its affiliates. All rights reserved. Cisco Confidential 10.1 NAT Characteristics
4.
4 © 2016 Cisco
and/or its affiliates. All rights reserved. Cisco Confidential NAT Characteristics IPv4 Address Space • Networks are commonly implemented using private IPv4 addresses, as defined in RFC 1918. • Private IPv4 addresses cannot be routed over the internet and are used within an organization or site to allow devices to communicate locally. • To allow a device with a private IPv4 address to access devices and resources outside of the local network, the private address must first be translated to a public address. • NAT provides the translation of private addresses to public addresses. Class Activity Type Activity Name A 10.0.0.0 – 10.255.255.255 10.0.0.0/8 B 172.16.0.0 – 172.31.255.255 172.16.0.0/12 C 192.168.0.0 – 192.168.255.255 192.168.0.0/1 6
5.
5 © 2016 Cisco
and/or its affiliates. All rights reserved. Cisco Confidential NAT Characteristics What is NAT • The primary use of NAT is to conserve public IPv4 addresses. • NAT allows networks to use private IPv4 addresses internally and translates them to a public address when needed. • A NAT router typically operates at the border of a stub network. • When a device inside the stub network wants to communicate with a device outside of its network, the packet is forwarded to the border router which performs the NAT process, translating the internal private address of the device to a public, outside, routable address.
6.
6 © 2016 Cisco
and/or its affiliates. All rights reserved. Cisco Confidential NAT Characteristics How NAT Works PC1 wants to communicate with an outside web server with public address 209.165.201.1. 1. PC1 sends a packet addressed to the web server. 2. R2 receives the packet and reads the source IPv4 address to determine if it needs translation. 3. R2 adds mapping of the local to global address to the NAT table. 4. R2 sends the packet with the translated source address toward the destination. 5. The web server responds with a packet addressed to the inside global address of PC1 (209.165.200.226). 6. R2 receives the packet with destination address 209.165.200.226. R2 checks the NAT table and finds an entry for this mapping. R2 uses this information and translates the inside global address (209.165.200.226) to the inside local address (192.168.10.10), and the packet is forwarded toward PC1.
7.
7 © 2016 Cisco
and/or its affiliates. All rights reserved. Cisco Confidential NAT Characteristics NAT Terminology NAT includes four types of addresses: • Inside local address • Inside global address • Outside local address • Outside global address NAT terminology is always applied from the perspective of the device with the translated address: • Inside address - The address of the device which is being translated by NAT. • Outside address - The address of the destination device. • Local address - A local address is any address that appears on the inside portion of the network. • Global address - A global address is any address that appears on the outside portion of the network.
8.
8 © 2016 Cisco
and/or its affiliates. All rights reserved. Cisco Confidential NAT Characteristics NAT Terminology (Cont.) Inside local address The address of the source as seen from inside the network. This is typically a private IPv4 address. The inside local address of PC1 is 192.168.10.10. Inside global addresses The address of source as seen from the outside network. The inside global address of PC1 is 209.165.200.226 Outside global address The address of the destination as seen from the outside network. The outside global address of the web server is 209.165.201.1 Outside local address The address of the destination as seen from the inside network. PC1 sends traffic to the web server at the IPv4 address 209.165.201.1. While uncommon, this address could be different than the globally routable address of the destination.
9.
9 © 2016 Cisco
and/or its affiliates. All rights reserved. Cisco Confidential Check Your Understanding 1. Refer to the Exhibit. What type of NAT address is the IP address of PC1 (i.e., 192.168.10.10)? A) Outside Local B) Inside Local C) Outside Global D) Inside Global
10.
10 © 2016 Cisco
and/or its affiliates. All rights reserved. Cisco Confidential Check Your Understanding 2. Refer to the Exhibit. Into what type of address has the IPv4 address for PC1 been translated (i.e. 209.165.200.226)? A) Outside Local B) Inside Local C) Outside Global D) Inside Global
11.
11 © 2016 Cisco
and/or its affiliates. All rights reserved. Cisco Confidential Check Your Understanding 3. Refer to the Exhibit. What type of NAT address is the IP address on the Web Server (i.e. 209.165.201.10)? A) Outside Local B) Inside Local C) Outside Global D) Inside Global
12.
12 © 2016 Cisco
and/or its affiliates. All rights reserved. Cisco Confidential 10.2 Types of NAT
13.
13 © 2016 Cisco
and/or its affiliates. All rights reserved. Cisco Confidential Types of NAT Static NAT Static NAT uses a one-to-one mapping of local and global addresses configured by the network administrator that remain constant. • Static NAT is useful for web servers or devices that must have a consistent address that is accessible from the internet, such as a company web server. • It is also useful for devices that must be accessible by authorized personnel when offsite, but not by the general public on the internet. Note: Static NAT requires that enough public addresses are available to satisfy the total number of simultaneous user sessions.
14.
14 © 2016 Cisco
and/or its affiliates. All rights reserved. Cisco Confidential Types of NAT Dynamic NAT Dynamic NAT uses a pool of public addresses and assigns them on a first- come, first-served basis. • When an inside device requests access to an outside network, dynamic NAT assigns an available public IPv4 address from the pool. • The other addresses in the pool are still available for use. Note: Dynamic NAT requires that enough public addresses are available to satisfy the total number of simultaneous user sessions.
15.
15 © 2016 Cisco
and/or its affiliates. All rights reserved. Cisco Confidential Types of NAT Port Address Translation Port Address Translation (PAT), also known as NAT overload, maps multiple private IPv4 addresses to a single public IPv4 address or a few addresses. • With PAT, when the NAT router receives a packet from the client, it uses the source port number to uniquely identify the specific NAT translation. • PAT ensures that devices use a different TCP port number for each session with a server on the internet.
16.
16 © 2016 Cisco
and/or its affiliates. All rights reserved. Cisco Confidential Types of NAT Next Available Port PAT attempts to preserve the original source port. If the original source port is already used, PAT assigns the first available port number starting from the beginning of the appropriate port group 0- 511, 512-1,023, or 1,024-65,535. • When there are no more ports available and there is more than one external address in the address pool, PAT moves to the next address to try to allocate the original source port. • The process continues until there are no more available ports or external IPv4 addresses in the address pool.
17.
17 © 2016 Cisco
and/or its affiliates. All rights reserved. Cisco Confidential Types of NAT NAT and PAT Comparison Summary of the differences between NAT and PAT. NAT - Only modifies the IPv4 addresses PAT - PAT modifies both the IPv4 address and the port number. Inside Global Address Inside Local Address 209.165.200.226 192.168.10.10 Inside Global Address Inside Local Address 209.165.200.226:2031 192.168.10.10:2031 NAT PAT One-to-one mapping between Inside Local and Inside Global addresses. One Inside Global address can be mapped to many Inside Local addresses. Uses only IPv4 addresses in translation process. Uses IPv4 addresses and TCP or UDP source port numbers in translation process. A unique Inside Global address is required for each inside host accessing the outside network. A single unique Inside Global address can be shared by many inside hosts accessing the outside network.
18.
18 © 2016 Cisco
and/or its affiliates. All rights reserved. Cisco Confidential 10.3 NAT Advantages and Disadvantages
19.
19 © 2016 Cisco
and/or its affiliates. All rights reserved. Cisco Confidential NAT Advantages and Disadvantages Advantages of NAT NAT provides many benefits: • NAT conserves the legally registered addressing scheme by allowing the privatization of intranets. • NAT conserves addresses through application port-level multiplexing. • NAT increases the flexibility of connections to the public network. • NAT provides consistency for internal network addressing schemes. • NAT allows the existing private IPv4 address scheme to remain while allowing for easy change to a new public addressing scheme. • NAT hides the IPv4 addresses of users and other devices.
20.
20 © 2016 Cisco
and/or its affiliates. All rights reserved. Cisco Confidential NAT Advantages and Disadvantages Disadvantages of NAT NAT does have drawbacks: • NAT increases forwarding delays. • End-to-end addressing is lost. • End-to-end IPv4 traceability is lost. • NAT complicates the use of tunneling protocols, such as IPsec. • Services that require the initiation of TCP connections from the outside network, or stateless protocols, such as those using UDP, can be disrupted.
21.
21 © 2016 Cisco
and/or its affiliates. All rights reserved. Cisco Confidential Check Your Understanding 1. True or False? A side effect of NAT is that it hides the inside local IP address of a host from the outside network. A) True B) False 2. True or False? With NAT overload, each inside local IP address is translated to a unique inside global IP address on a one-for-one basis. A) True B) False 3. True or False? The use of NAT makes end to end traceability between source and destination easier. A) True B) False
22.
22 © 2016 Cisco
and/or its affiliates. All rights reserved. Cisco Confidential 10.4 Static NAT
23.
23 © 2016 Cisco
and/or its affiliates. All rights reserved. Cisco Confidential Static NAT Static NAT Scenario • Static NAT is a one-to-one mapping between an inside address and an outside address. • Static NAT allows external devices to initiate connections to internal devices using the statically assigned public address. • For instance, an internal web server may be mapped to a specific inside global address so that it is accessible from outside networks.
24.
24 © 2016 Cisco
and/or its affiliates. All rights reserved. Cisco Confidential Static NAT Configure Static NAT There are two basic tasks when configuring static NAT translations: • Step 1 - Create a mapping between the inside local address and the inside global addresses using the ip nat inside source static command. • Step 2 - The interfaces participating in the translation are configured as inside or outside relative to NAT with the ip nat inside and ip nat outside commands. R2(config)# ip nat inside source static 192.168.10.254 209.165.201.5 R2(config)# R2(config)# interface serial 0/1/0 R2(config-if)# ip address 192.168.1.2 255.255.255.252 R2(config-if)# ip nat inside R2(config-if)# exit R2(config)# interface serial 0/1/1 R2(config-if)# ip address 209.165.200.1 255.255.255.252 R2(config-if)# ip nat outside
25.
25 © 2016 Cisco
and/or its affiliates. All rights reserved. Cisco Confidential Static NAT Analyze Static NAT The static NAT translation process between the client and the web server: 1. The client sends a packet to the web server. 2. R2 receives packets from the client on its NAT outside interface and checks its NAT table. 3. R2 translates the inside global address of to the inside local address and forwards the packet towards the web server. 4. The web server receives the packet and responds to the client using its inside local address. 5. (a) R2 receives the packet from the web server on its NAT inside interface with source address of the inside local address of the web server and (b) translates the source address to the inside global address.
26.
26 © 2016 Cisco
and/or its affiliates. All rights reserved. Cisco Confidential Static NAT Verify Static NAT To verify NAT operation, issue the show ip nat translations command. • This command shows active NAT translations. • Because the example is a static NAT configuration, the translation is always present in the NAT table regardless of any active communications. • If the command is issued during an active session, the output also indicates the address of the outside device. R2# show ip nat translations Pro Inside global Inside local Outside local Outside global --- 209.165.201.5 192.168.10.254 --- --- Total number of translations: 1 R2# show ip nat translations Pro Inside global Inside local Outside local Outside global tcp 209.165.201.5 192.168.10.254 209.165.200.254 209.165.200.254 --- 209.165.201.5 192.168.10.254 --- --- Total number of translations: 2
27.
27 © 2016 Cisco
and/or its affiliates. All rights reserved. Cisco Confidential Static NAT Verify Static NAT (Cont.) Another useful command is show ip nat statistics. • It displays information about the total number of active translations, NAT configuration parameters, the number of addresses in the pool, and the number of addresses that have been allocated. • To verify that the NAT translation is working, it is best to clear statistics from any past translations using the clear ip nat statistics command before testing. R2# show ip nat statistics Total active translations: 1 (1 static, 0 dynamic; 0 extended) Outside interfaces: Serial0/1/1 Inside interfaces: Serial0/1/0 Hits: 4 Misses: 1 (output omitted)
28.
28 © 2016 Cisco
and/or its affiliates. All rights reserved. Cisco Confidential 10.5 Dynamic NAT
29.
29 © 2016 Cisco
and/or its affiliates. All rights reserved. Cisco Confidential Static NAT Dynamic NAT Scenario • Dynamic NAT automatically maps inside local addresses to inside global addresses. • Dynamic NAT uses a pool of inside global addresses. • The pool of inside global addresses is available to any device on the inside network on a first-come first- served basis. • If all addresses in the pool are in use, a device must wait for an available address before it can access the outside network.
30.
30 © 2016 Cisco
and/or its affiliates. All rights reserved. Cisco Confidential Static NAT Configure Dynamic NAT There are five tasks when configuring dynamic NAT translations: • Step 1 - Define the pool of addresses that will be used for translation using the ip nat pool command. • Step 2 - Configure a standard ACL to identify (permit) only those addresses that are to be translated. • Step 3 - Bind the ACL to the pool, using the ip nat inside source list command. R2(config)# ip nat pool NAT-POOL1 209.165.200.226 209.165.200.240 netmask 255.255.255.224 R2(config)# access-list 1 permit 192.168.0.0 0.0.255.255 R2(config)# ip nat inside source list 1 pool NAT-POOL1
31.
31 © 2016 Cisco
and/or its affiliates. All rights reserved. Cisco Confidential Static NAT Configure Dynamic NAT (Cont.) There are five tasks when configuring dynamic NAT translations: • Step 4 - Identify which interfaces are inside. • Step 5 - Identify which interfaces are outside. R2(config)# ip nat pool NAT-POOL1 209.165.200.226 209.165.200.240 netmask 255.255.255.224 R2(config)# access-list 1 permit 192.168.0.0 0.0.255.255 R2(config)# ip nat inside source list 1 pool NAT-POOL1 R2(config)# interface serial 0/1/0 R2(config-if)# ip nat inside R2(config-if)# interface serial 0/1/1 R2(config-if)# ip nat outside
32.
32 © 2016 Cisco
and/or its affiliates. All rights reserved. Cisco Confidential Static NAT Analyze Dynamic NAT – Inside to Outside Dynamic NAT translation process: 1. PC1 and PC2 send packets requesting a connection to the server. 2. R2 receives the first packet from PC1, checks the ALC to determine if the packet should be translated, selects an available global address, and creates a translation entry in the NAT table. 3. R2 replaces the inside local source address of PC1, 192.168.10.10, with the translated inside global address of 209.165.200.226 and forwards the packet. (The same process occurs for the packet from PC2 using the translated address of 209.165.200.227.)
33.
33 © 2016 Cisco
and/or its affiliates. All rights reserved. Cisco Confidential Static NAT Analyze Dynamic NAT – Outside to Inside Dynamic NAT translation process: 4. The server receives the packet from PC1 and responds using the destination address of 209.165.200.226. The server receives the packet from PC2, it responds to using the destination address of 209.165.200.227. 5. (a) When R2 receives the packet with the destination address of 209.165.200.226; it performs a NAT table lookup and translates the address back to the inside local address and forwards the packet toward PC1. (b) When R2 receives the packet with the destination address of 209.165.200.227; it performs a NAT table lookup and translates the address back to the inside local address 192.168.11.10 and forwards the packet toward PC2.
34.
34 © 2016 Cisco
and/or its affiliates. All rights reserved. Cisco Confidential Static NAT Analyze Dynamic NAT – Outside to Inside (Cont.) Dynamic NAT translation process: 6. PC1 and PC2 receive the packets and continue the conversation. The router performs Steps 2 to 5 for each packet.
35.
35 © 2016 Cisco
and/or its affiliates. All rights reserved. Cisco Confidential Static NAT Verify Dynamic NAT The output of the show ip nat translations command displays all static translations that have been configured and any dynamic translations that have been created by traffic. R2# show ip nat translations Pro Inside global Inside local Outside local Outside global --- 209.165.200.228 192.168.10.10 --- --- --- 209.165.200.229 192.168.11.10 --- --- R2#
36.
36 © 2016 Cisco
and/or its affiliates. All rights reserved. Cisco Confidential Static NAT Verify Dynamic NAT (Cont.) Adding the verbose keyword displays additional information about each translation, including how long ago the entry was created and used. R2# show ip nat translation verbose Pro Inside global Inside local Outside local Outside global tcp 209.165.200.228 192.168.10.10 --- --- create 00:02:11, use 00:02:11 timeout:86400000, left 23:57:48, Map-Id(In): 1, flags: none, use_count: 0, entry-id: 10, lc_entries: 0 tcp 209.165.200.229 192.168.11.10 --- --- create 00:02:10, use 00:02:10 timeout:86400000, left 23:57:49, Map-Id(In): 1, flags: none, use_count: 0, entry-id: 12, lc_entries: 0 R2#
37.
37 © 2016 Cisco
and/or its affiliates. All rights reserved. Cisco Confidential Static NAT Verify Dynamic NAT (Cont.) By default, translation entries time out after 24 hours, unless the timers have been reconfigured with the ip nat translation timeout timeout-seconds command in global configuration mode. To clear dynamic entries before the timeout has expired, use the clear ip nat translation privileged EXEC mode command. R2# clear ip nat translation * R2# show ip nat translation Command Description clear ip nat translation * Clears all dynamic address translation entries from the NAT translation table. clear ip nat translation inside global-ip local-ip [outside local-ip global-ip] Clears a simple dynamic translation entry containing an inside translation or both inside and outside translation. clear ip nat translation protocol inside global-ip global-port local-ip local-port [ outside local-ip local-port global-ip global- port] Clears an extended dynamic translation entry.
38.
38 © 2016 Cisco
and/or its affiliates. All rights reserved. Cisco Confidential Static NAT Verify Dynamic NAT (Cont.) The show ip nat statistics command displays information about the total number of active translations, NAT configuration parameters, the number of addresses in the pool, and how many of the addresses have been allocated. R2# show ip nat statistics Total active translations: 4 (0 static, 4 dynamic; 0 extended) Peak translations: 4, occurred 00:31:43 ago Outside interfaces: Serial0/1/1 Inside interfaces: Serial0/1/0 Hits: 47 Misses: 0 CEF Translated packets: 47, CEF Punted packets: 0 Expired translations: 5 Dynamic mappings: -- Inside Source [Id: 1] access-list 1 pool NAT-POOL1 refcount 4 pool NAT-POOL1: netmask 255.255.255.224 start 209.165.200.226 end 209.165.200.240 type generic, total addresses 15, allocated 2 (13%), misses 0 (output omitted) R2#
39.
39 © 2016 Cisco
and/or its affiliates. All rights reserved. Cisco Confidential Static NAT Verify Dynamic NAT (Cont.) The show running-config command and show s the NAT, ACL, interface, or pool commands with the required values. R2# show running-config | include NAT ip nat pool NAT-POOL1 209.165.200.226 209.165.200.240 netmask 255.255.255.224 ip nat inside source list 1 pool NAT-POOL1
40.
40 © 2016 Cisco
and/or its affiliates. All rights reserved. Cisco Confidential 10.6 PAT
41.
41 © 2016 Cisco
and/or its affiliates. All rights reserved. Cisco Confidential PAT Configure PAT to Use a Single IPv4 Address To configure PAT to use a single IPv4 address, add the keyword overload to the ip nat inside source command. In the example, all hosts from network 192.168.0.0/16 (matching ACL 1) that send traffic through router R2 to the internet will be translated to IPv4 address 209.165.200.225 (IPv4 address of interface S0/1/1). The traffic flows will be identified by port numbers in the NAT table because the overload keyword is configured. R2(config)# ip nat inside source list 1 interface serial 0/1/0 overload R2(config)# access-list 1 permit 192.168.0.0 0.0.255.255 R2(config)# interface serial0/1/0 R2(config-if)# ip nat inside R2(config-if)# exit R2(config)# interface Serial0/1/1 R2(config-if)# ip nat outside
42.
42 © 2016 Cisco
and/or its affiliates. All rights reserved. Cisco Confidential PAT Configure PAT to Use an Address Pool An ISP may allocate more than one public IPv4 address to an organization. In this scenario the organization can configure PAT to use a pool of IPv4 public addresses for translation. To configure PAT for a dynamic NAT address pool, simply add the keyword overload to the ip nat inside source command. In the example, NAT-POOL2 is bound to an ACL to permit 192.168.0.0/16 to be translated. These hosts can share an IPv4 address from the pool because PAT is enabled with the keyword overload. R2(config)# ip nat pool NAT-POOL2 209.165.200.226 209.165.200.240 netmask 255.255.255.224 R2(config)# access-list 1 permit 192.168.0.0 0.0.255.255 R2(config)# ip nat inside source list 1 pool NAT-POOL2 overload R2(config)# interface serial0/1/0 R2(config-if)# ip nat inside R2(config-if)# interface serial0/1/0 R2(config-if)# ip nat outside
43.
43 © 2016 Cisco
and/or its affiliates. All rights reserved. Cisco Confidential PAT Analyze PAT – Server to PC 1. PC1 and PC2 send packets to Svr1 and Svr2. 2. The packet from PC1 reaches R2 first. R2 modifies the source IPv4 address to 209.165.200.225 (inside global address). The packet is then forwarded towards Svr1. 3. The packet from PC2 arrives at R2. PAT changes the source IPv4 address of PC2 to the inside global address 209.165.200.225. PC2 has the same source port number as the translation for PC1. PAT increments the source port number until it is a unique value in its table. In this instance, 1445.
44.
44 © 2016 Cisco
and/or its affiliates. All rights reserved. Cisco Confidential PAT Analyze PAT – PC to Server 1. PC1 and PC2 send packets to Svr1 and Svr2. 2. The packet from PC1 reaches R2 first. R2 modifies the source IPv4 address to 209.165.200.225 (inside global address). The packet is then forwarded towards Svr1. 3. The packet from PC2 arrives at R2. PAT changes the source IPv4 address of PC2 to the inside global address 209.165.200.225. PC2 has the same source port number as the translation for PC1. PAT increments the source port number until it is a unique value in its table. In this instance, it is 1445.
45.
45 © 2016 Cisco
and/or its affiliates. All rights reserved. Cisco Confidential PAT Analyze PAT – Server to PC 1. The servers use the source port from the received packet as the destination port, and the source address as the destination address for the return traffic. 2. R2 changes the destination IPv4 address of the packet from Srv1 from 209.165.200.225 to 192.168.10.10, and forwards the packet toward PC1. 3. R2 changes the destination address of packet from Srv2. from 209.165.200.225 to 192.168.10.11. and modifies the destinations port back to its original value of 1444. The packet is then forwarded toward PC2.
46.
46 © 2016 Cisco
and/or its affiliates. All rights reserved. Cisco Confidential PAT Verify PAT The same commands used to verify static and dynamic NAT are used to verify PAT. The show ip nat translations command displays the translations from two different hosts to different web servers. Notice that two different inside hosts are allocated the same IPv4 address of 209.165.200.226 (inside global address). The source port numbers in the NAT table differentiate the two transactions. R2# show ip nat translations Pro Inside global Inside local Outside local Outside global tcp 209.165.200.225:1444 192.168.10.10:1444 209.165.201.1:80 209.165.201.1:80 tcp 209.165.200.225:1445 192.168.11.10:1444 209.165.202.129:80 209.165.202.129:80 R2#
47.
47 © 2016 Cisco
and/or its affiliates. All rights reserved. Cisco Confidential PAT Verify PAT (Cont.) The show ip nat statistics command verifies that NAT-POOL2 has allocated a single address for both translations. Also shown are the number and type of active translations, NAT configuration parameters, the number of addresses in the pool, and how many have been allocated. R2# show ip nat statistics Total active translations: 4 (0 static, 2 dynamic; 2 extended) Peak translations: 2, occurred 00:31:43 ago Outside interfaces: Serial0/1/1 Inside interfaces: Serial0/1/0 Hits: 4 Misses: 0 CEF Translated packets: 47, CEF Punted packets: 0 Expired translations: 0 Dynamic mappings: -- Inside Source [Id: 3] access-list 1 pool NAT-POOL2 refcount 2 pool NAT-POOL2: netmask 255.255.255.224 start 209.165.200.225 end 209.165.200.240 type generic, total addresses 15, allocated 1 (6%), misses 0 (output omitted) R2#
48.
48 © 2016 Cisco
and/or its affiliates. All rights reserved. Cisco Confidential 10.7 NAT64
49.
49 © 2016 Cisco
and/or its affiliates. All rights reserved. Cisco Confidential NAT64 NAT for IPv6? IPv6 was developed with the intention of making NAT for IPv4 with translation between public and private IPv4 addresses unnecessary. • However, IPv6 does include its own IPv6 private address space, unique local addresses (ULAs). • IPv6 unique local addresses (ULA) are similar to RFC 1918 private addresses in IPv4 but have a different purpose. • ULA addresses are meant for only local communications within a site. ULA addresses are not meant to provide additional IPv6 address space, nor to provide a level of security. • IPv6 does provide for protocol translation between IPv4 and IPv6 known as NAT64.
50.
50 © 2016 Cisco
and/or its affiliates. All rights reserved. Cisco Confidential NAT64 NAT64 • NAT for IPv6 is used in a much different context than NAT for IPv4. • The varieties of NAT for IPv6 are used to transparently provide access between IPv6-only and IPv4-only networks, as shown. It is not used as a form of private IPv6 to global IPv6 translation. • NAT for IPv6 should not be used as a long-term strategy, but as a temporary mechanism to assist in the migration from IPv4 to IPv6.
51.
51 © 2016 Cisco
and/or its affiliates. All rights reserved. Cisco Confidential Summary
52.
52 © 2016 Cisco
and/or its affiliates. All rights reserved. Cisco Confidential Module Practice and Quiz What did I learn in this module? • There are not enough public IPv4 addresses to assign a unique address to each device connected to the internet. • The primary use of NAT is to conserve public IPv4 addresses. • In NAT terminology, the inside network is the set of networks that is subject to translation. The outside network refers to all other networks. • NAT terminology is always applied from the perspective of the device with the translated address. • Inside address are the address of the device which is being translated by NAT. • Outside address are the address of the destination device. • Local address is any address that appears on the inside portion of the network. • Global address is any address that appears on the outside portion of the network. • Static NAT uses a one-to-one mapping of local and global addresses. • Dynamic NAT uses a pool of public addresses and assigns them on a first-come, first-served basis.
53.
53 © 2016 Cisco
and/or its affiliates. All rights reserved. Cisco Confidential Module Practice and Quiz What did I learn in this module? (Cont.) • Port Address Translation (PAT), also known as NAT overload, maps multiple private IPv4 addresses to a single public IPv4 address or a few addresses. • NAT increases forwarding delays because the translation of each IPv4 address within the packet headers takes time. • NAT complicates the use of tunneling protocols, such as IPsec, because NAT modifies values in the headers, causing integrity checks to fail. • The show ip nat translations command displays all static translations that have been configured and any dynamic translations that have been created by traffic. • To clear dynamic entries before the timeout has expired, use the clear ip nat translation privileged EXEC mode command. • IPv6 was developed with the intention of making NAT for IPv4 with translation between public and private IPv4 addresses unnecessary. • IPv6 unique local addresses (ULA) are similar to RFC 1918 private addresses in IPv4 but have a different purpose. • IPv6 does provide for protocol translation between IPv4 and IPv6 known as NAT64.
Baixar agora